The SG Site Scanner service by SiteGround was first launched in 2011 and was previously known as SiteGround’s Hackalert service.
Even though SiteGround is one of the most secure hosting providers (we discuss this later in the article), the Site Scanner provides that extra level of comfort by constantly monitoring your website for malicious files and will even isolate those files when found.
This article will look at the Site Scanner in detail and discuss when and why you might want to use the service.
What is the SG Site Scanner?
The Site Scanner is a malware detection and early warning system.
There are two plans:
- Site Scanner Basic
- Site Scanner Premium
The Site Scanner Basic features include:
- URLs scan - The URLs scan checks pages on your website for malicious behavior and infections.
- Domain blacklist scan - SiteGround checks whether your domain has been blacklisted in the search engines due to hacks or suspicious behavior. The blacklist checks information from Google, Yandex, Chrome, Firefox, Norton, McAfee, and more.
- Site Protect Mode - If you get a malware notification or suspect your website may be compromised, you can enable Site Protect Mode. This allows you to disable all file uploads to your website and disable the execution of PHP shell commands until you can ensure the website is no longer infected.
- Email threat notifications - SiteGround sends immediate notifications if they detect anything suspicious with your site.
- Email weekly reports - SiteGround sends a weekly email about your site’s status.
- On-demand manual scan - You can manually scan your entire website (domain, links, and files) at any time through your Site Scanner interface. Run a scan if you have any concerns that your website may be compromised or after a cleanup to ensure that your website is malware-free.
- 30 days scan history - You can find a 30-day history of your site scans in your Site Scanner interface with the scan results and detailed information about threats and malware.
The Site Scanner Premium features include:
- Comprehensive Files scan - This is SiteGround’s most comprehensive malware check. It will check every single file hosted on your account. It will check for malware, suspicious code, and other irregularities.
- File upload scan - With file upload scan SiteGround will check every new file uploaded to your site - whether it’s through File Manager, FTP, or your WordPress backend. This is one of SiteGround’s best prevention tools that can detect malware as soon as it appears and will notify you immediately.
- File upload quarantine - If a threat is detected during a new file upload, SiteGround will immediately quarantine the affected file.
The Site Scanner Interface
As with most tools SiteGround produce, everything is extremely simple to use. It’s one thing that makes SiteGround so great for users just starting out with their first website.
In the Site Tools area for your website, you can access the Site Scanner via the Security menu option.
Manual URL + Files Scan
All Basic and Premium users can start an instant manual scan. To do this, click “Start Scan”.
When the scan is complete, it will let you know whether it has found any malware or whether your scan is blacklisted.
Site Scanner Scan History
At the bottom of the SG Scanner interface, you will access details of any scans for the last 30 days. This is extremely useful for knowing exactly when your website was infected with malware so you can take the appropriate steps. For instance, you can restore your website from a backup before the infection date.
The history will show your daily URL scans plus your manual URL + file scans.
The premium plan will include a daily advanced file scan and automatically scan all new files when uploaded. This is particularly useful if you install many third-party plugins.
You have the option to turn on weekly email notifications. Enabling this feature will give you a weekly summary of your daily website scans.
Regardless of this setting, you will still receive email alerts when an issue is detected.
You can see an example email report below:
If you have SG Site Scanner Premium, you can configure it to automatically move any malicious files to a separate folder outside your document root.
You can review any quarantined files and choose to either restore or delete them.
Site Protect is a reasonably new addition to the SG Site Scanner. It is intended to be used when you believe your site to be compromised.
It essentially allows you to lock down your site while you assess the situation and includes the following features:
- Disable FTP
- Disable SSH
- Disable PHP Upload
- Disable execution of shell commands via PHP
Enabling these options will stop any malicious actor from carrying out any further damage to your website.
Once you have removed any malicious files and are sure your website is safe, you can disable the Site Protect options.
SiteGround Security without SG Site Scanner
Even without the SG Site Scanner, SiteGround is one of the most secure web hosting providers around.
Let’s take a brief look at what they offer.
At a server level, SiteGround’s security offers the following:
- Hosting account isolation
- Web Application Firewall
- Smart AI Anti-bot system
- 2-Factor Authentication for users
- Reliable Distributed Backups
What stands out is that the hosting account isolation is on a per-website basis. If you have many websites on the same hosting account, they are all isolated from each other.
If instead, you have cPanel hosting, all websites on the same account will share a file system. If one WordPress site is hacked, all other sites on the same hosting account are also at risk.
With SiteGround, this cannot happen. We cannot state enough just how important this is.
Furthermore, you can also install SiteGround’s SG Security plugin that implements several best practices, including:
- Lock and Protect System Folders
- Hide WordPress Version
- Disable Themes & Plugins Editor
- Disable XML-RPC
- Disable RSS and ATOM Feeds
- Advanced XSS Protection
- Delete the Default Readme.html
As well as securing the WordPress login by:
- Setting a custom login URL
- Restricting your login page to a specific IP address to prevent brute force attacks
- Enabling two-factor authentication for your WordPress site
- Disabling common usernames (such as “admin”)
- Limiting login attempts
How much does SG Site Scanner Cost?
Siteground’s SG Site Scanner Basic costs just $2.49 per month (billed yearly at $29.88) when purchased simultaneously with your web hosting plan. This includes a 50% discount.
However, if you wish to purchase the Premium Site Scanner, you will need to do so later from within the client area.
If you purchase it later or renew the service, the price will vary depending on what offer they are promoting at that time.
As of January 2023, they appear to have two different promotions:
- £9.99 (we presume the US price is $9.99) with two months free when signing up for a year.
- From £4.99 per month, which we also presume requires a 12-month subscription.
The screenshot has some ambiguity about the offer they are promoting. We will seek clarification from SiteGround and update this article in due course.
Is the SG Site Scanner worth getting?
Yes. Here is why.
It runs at a server level. The SG Site Scanner is not simply a WordPress security plugin. The tool runs at a server level, is designed to work perfectly with SiteGround hosting, and can check files that other plugin-based systems cannot.
Peace of mind. The plugin will give complete peace of mind that your website is malware free and is not blacklisted by search engines.
Constant monitoring. If a problem is encountered, you will know immediately. You can restore your site from recent backups and quickly get it back up and running.
If you decide to buy the SG Site Scanner, we recommend the Premium version.
This will give maximum protection by including daily file scans, file upload scans, and automated quarantine of malicious files.
We recommend getting the SG Site Scanner Premium if:
- Any downtime costs you money. Your site is integral to your business, and any downtime costs you money.
- You constantly update your site. You make many changes to your website each day or week, and it is essential to know if your site is infected by malware as quickly as possible to avoid lost data.
It is not essential to buy the SG Site Scanner if:
- You are on a budget. Your website is a hobby. It makes little or no money, and you are on a tight budget.
- Your website never changes. You make little to no changes and can use an old backup to restore your website with no data loss. We recommend having your own backups stored off-site if this is your failsafe.
We find the defining moment when users start paying for increased security on their website is after they first get hacked.
Because many users don’t realize their website have been hacked for days, weeks, or even months, they have no safe backups to revert to. Not only is it costly to get fixed (around $200 with Sucuri’s service), but your site can be down for days too.
If, on the other hand, you constantly monitor your website for malware using SG Site Scanner, you can fix your website by using SiteGround’s Security Plugin (Post-hack Actions) or by restoring from a known safe backup.
You’d be back up and running within the hour. Plus, you can instantly verify the fix by running another scan.
Site Scanner FAQs
What is the difference between Site Scanner Basic and Site Scanner Premium?
The Premium version includes the following:
- Comprehensive Files scan
- File upload scan
- File upload quarantine
Further details can be found in the article.
Can I purchase a separate Site Scanner for my subdomain?
The SG Site Scanner can only be used on the account’s primary domain. Therefore SG Site Scanner is not available for subdomains.
Does Site Scanner renew automatically?
When you purchase the SG Site Scanner, it is set to renew automatically.
You cancel the Site Scanner auto-renewal settings at any time by going to the “Websites” section in the SiteGround client area, scrolling to the bottom, and clicking the renewal settings option in the kebab menu next to the Site Scanner service.